
D21453.id51066.diff

diff --git a/src/lint/linter/xhpast/rules/ArcanistFormattedStringXHPASTLinterRule.php b/src/lint/linter/xhpast/rules/ArcanistFormattedStringXHPASTLinterRule.php
--- a/src/lint/linter/xhpast/rules/ArcanistFormattedStringXHPASTLinterRule.php
+++ b/src/lint/linter/xhpast/rules/ArcanistFormattedStringXHPASTLinterRule.php
@@ -82,7 +82,12 @@
}
$format = $parameters->getChildByIndex($start);
- if ($format->getTypeName() != 'n_STRING_SCALAR') {
+ if (!$format->isConstantString()) {
+
+ // TODO: When this parameter is not a constant string, the call may
+ // be unsafe. We should make some attempt to warn about this for
+ // "qsprintf()" and other security-sensitive functions.
+
continue;
}
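Review bot: The `continue` inside `if (!$format->isConstantString())` still skips a non-constant format string without raising any message, so the rule gives no coverage for the calls where a caller-controlled value could reach the format parameter of `qsprintf()`. The TODO records this but leaves nothing to track it by. I would make the comment name the functions it applies to and point at a task, for example `// TODO(<task-id>): non-constant formats are skipped silently; warn for qsprintf()/queryfx()-style callers.` The blank lines around the comment inside the `if` could also go. The enclosing loop starts and ends outside this hunk, so how the function list is known at this point is not visible here.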
diff --git a/src/lint/linter/xhpast/rules/__tests__/formatted-string/formatted-string.lint-test b/src/lint/linter/xhpast/rules/__tests__/formatted-string/formatted-string.lint-test
--- a/src/lint/linter/xhpast/rules/__tests__/formatted-string/formatted-string.lint-test
+++ b/src/lint/linter/xhpast/rules/__tests__/formatted-string/formatted-string.lint-test
@@ -11,12 +11,17 @@
queryfx(null, 'x', 'y');
foobar(null, null, '%s');
+
+pht('x %s y');
+pht('x %s y'.'z');
~~~~~~~~~~
error:3:1:XHP54:Formatted String
error:7:1:XHP54:Formatted String
error:8:1:XHP54:Formatted String
error:11:1:XHP54:Formatted String
error:13:1:XHP54:Formatted String
+error:15:1:XHP54:Formatted String
+error:16:1:XHP54:Formatted String
~~~~~~~~~~
~~~~~~~~~~
{
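Review bot: Both added cases (`pht('x %s y');` and `pht('x %s y'.'z');`) expect an error, so the fixture never exercises a concatenated format string that is correct, nor the branch that skips a non-constant format. I would add a call such as `pht('x %s y'.'z', $a);` that must produce no message, and one such as `pht($x);` to pin that a variable format is currently skipped. Without them, a regression that flags every concatenation, or a later change to the non-constant branch, would not show up in this test. The configuration section at the end of the fixture is cut off here, so I am assuming `pht` is registered as a formatted-string function by it or by default.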
